Computer Viruses and Worms
Dragan Lojpur
Zhu Fang

Definition of Virus
• A virus is a small piece of software that piggybacks on real programs in order to get executed
• Once it’s running, it spreads by inserting copies of itself into other executable code or documents

Computer Virus Timeline
• 1949
Theories for self-replicating programs are first developed.
• 1981
Apple Viruses 1, 2, and 3 are some of the first viruses “in the wild,” or in the public domain. Found on the Apple II operating system, the viruses spread through Texas A&M via pirated computer games.
• 1983
Fred Cohen, while working on his dissertation, formally defines a computer virus as “a computer program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself.”
• 1986
Two programmers named Basit and Amjad replace the executable code in the boot sector of a floppy disk with their own code designed to infect each 360kb floppy accessed on any drive. Infected floppies had “© Brain” for a volume label.
• 1987
The Lehigh virus, one of the first file viruses, infects command.com files.
• 1988
One of the most common viruses, Jerusalem, is unleashed. Activated every Friday the 13th, the virus affects both .exe and .com files and deletes any programs run on that day.
MacMag and the Scores virus cause the first major Macintosh outbreaks.
• …

Worms
• A worm is a self-replicating program, similar to a computer virus. A virus attaches itself to, and becomes part of, another executable program; however, a worm is self-contained and does not need to be part of another program to propagate itself.

History of Worms
• The first worm to attract wide attention, the Morris worm, was written by Robert Tappan Morris, who at the time was a graduate student at Cornell University.
• It was released on November 2, 1988
• Morris himself was convicted under the US Computer Crime and Abuse Act and received three years probation, community service and a fine in excess of $10,000.
• Xerox PARC

Worms…
• A worm is a small piece of software that uses computer networks and security holes to replicate itself. A copy of the worm scans the network for another machine that has a specific security hole. It copies itself to the new machine using the security hole, and then starts replicating from there, as well.
• They are often designed to exploit the file transmission capabilities found on many computers.
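
The scanning step described on this slide is also what makes a worm visible on the network: one host suddenly contacts many different machines on the same port. The following is an added example, not part of the original slides, of a sliding-window fan-out detector run over constructed flow records; the record layout, thresholds, addresses and port numbers are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# Constructed flow records: (epoch_seconds, source_ip, destination_ip, destination_port).
# All addresses are from documentation ranges; this is not captured traffic.
SAMPLE_FLOWS = (
    # One host touching 25 different machines on the same port, one per second.
    [(1000 + i, "192.0.2.10", f"198.51.100.{i + 1}", 445) for i in range(25)]
    # A normal client talking to a single server 40 times.
    + [(1000 + i, "192.0.2.20", "203.0.113.5", 443) for i in range(40)]
    # A mail relay reaching 12 hosts, but only one every 30 seconds.
    + [(1000 + 30 * i, "192.0.2.30", f"203.0.113.{i + 10}", 25) for i in range(12)]
)


def detect_scanners(flows, window=60, min_targets=10):
    """Flag sources that contact many distinct hosts on one port in a short time.

    Returns {(source_ip, port): peak number of distinct destinations seen
    inside any `window`-second span} for every source whose peak reached
    `min_targets`. Repeated connections to the same host count once.
    """
    recent = defaultdict(deque)                         # key -> (ts, dst) still in window
    in_window = defaultdict(lambda: defaultdict(int))   # key -> dst -> connections in window
    peaks = {}

    for ts, src, dst, dport in sorted(flows):
        key = (src, dport)
        queue, seen = recent[key], in_window[key]
        queue.append((ts, dst))
        seen[dst] += 1

        # Drop connections that have aged out of the window.
        while queue and queue[0][0] <= ts - window:
            _, old_dst = queue.popleft()
            seen[old_dst] -= 1
            if seen[old_dst] == 0:
                del seen[old_dst]

        if len(seen) >= min_targets:
            peaks[key] = max(peaks.get(key, 0), len(seen))
    return peaks


if __name__ == "__main__":
    for (src, port), peak in detect_scanners(SAMPLE_FLOWS).items():
        print(f"{src} contacted {peak} distinct hosts on port {port} within 60 s")
```

The busy client and the slow relay stay below the threshold because the detector counts distinct destinations inside the window, not total connections.
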

Zombies
• Infected computers — mostly Windows machines — are now the major delivery method of spam.
• Zombies have been used extensively to send e-mail spam; between 50% and 80% of all spam worldwide is now sent by zombie computers

Money flow
• Pay per click

Typical things that some current Personal Computer (PC) viruses do
• Erase files
• Scramble data on a hard disk
• Display a message
• Cause erratic screen behavior
• Halt the PC
• Many viruses do nothing obvious at all except spread!

Distributed Denial of Service
• A denial-of-service attack is an attack that causes a loss of service to users, typically the loss of network connectivity and services by consuming the bandwidth of the victim network or overloading the computational resources of the victim system.

How it works?
• The flood of incoming messages to the target system essentially forces it to shut down, thereby denying the system's service to legitimate users.
• Victim's IP address.
• Victim's port number.
• Attacking packet size.
• Attacking interpacket delay.
• Duration of attack.
• MyDoom – SCO Group

DDoS

MyDoom
• 26 January 2004: The Mydoom virus is first identified around 8am. Computer security companies report that Mydoom is responsible for approximately one in ten e-mail messages at this time. Slows overall internet performance by approximately ten percent and average web page load times by approximately fifty percent

MyDoom…
• 27 January: SCO Group offers a US $250,000 reward for information leading to the arrest of the worm's creator.
• 1 February: An estimated one million computers around the world infected with Mydoom begin the virus's massive distributed denial of service attack—the largest such attack to date.
• 2 February: The SCO Group moves its site to www.thescogroup.com.

Executable Viruses
• Traditional Viruses
• pieces of code attached to a legitimate program
• run when the legitimate program gets executed
• loads itself into memory and looks around to see if it can find any other programs on the disk

Boot Sector Viruses
• Traditional Virus
• infect the boot sector on floppy disks and hard disks
• By putting its code in the boot sector, a virus can guarantee it gets executed
• load itself into memory immediately, and it is able to run whenever the computer is on
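
Because a boot sector virus has to overwrite the boot code to get executed, comparing that code against a known-good baseline reveals the change. The following is an added example, not part of the original slides, that assumes the classic hard-disk MBR layout (446 bytes of boot code, a 64-byte partition table, then the two signature bytes 0x55 0xAA); the sectors it checks are constructed in memory and the helper names are hypothetical.

```python
import hashlib

SECTOR_SIZE = 512
BOOT_CODE_END = 446          # bytes 0..445 hold the boot code in a classic MBR
SIGNATURE = b"\x55\xaa"      # bytes 510..511 of a bootable sector


def make_sector(boot_code, partition_table, signature=SIGNATURE):
    """Assemble a constructed 512-byte sector for the demonstration below."""
    return (boot_code.ljust(BOOT_CODE_END, b"\x00")
            + partition_table.ljust(64, b"\x00")
            + signature)


def boot_code_digest(sector):
    """SHA-256 of the boot code only, so repartitioning does not change it."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def check_boot_sector(sector, baseline_digest):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    if len(sector) != SECTOR_SIZE:
        return [f"short read: {len(sector)} bytes, expected {SECTOR_SIZE}"]
    findings = []
    if sector[510:512] != SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    if boot_code_digest(sector) != baseline_digest:
        findings.append("boot code differs from baseline")
    return findings


# Constructed sample sectors (placeholder bytes, not real boot loaders).
PARTITIONS = b"\x80" + b"\x01" * 15
CLEAN = make_sector(b"constructed boot loader v1", PARTITIONS)
REPARTITIONED = make_sector(b"constructed boot loader v1", b"\x80" + b"\x02" * 15)
MODIFIED = make_sector(b"constructed other code", PARTITIONS)
NO_SIGNATURE = make_sector(b"constructed boot loader v1", PARTITIONS, signature=b"\x00\x00")

if __name__ == "__main__":
    baseline = boot_code_digest(CLEAN)   # recorded while the disk is known to be clean
    for name, sector in [("clean", CLEAN), ("repartitioned", REPARTITIONED),
                         ("modified", MODIFIED), ("no signature", NO_SIGNATURE)]:
        print(name, "->", check_boot_sector(sector, baseline) or "ok")
```

Hashing only the boot code region keeps a legitimate partition table change from raising a false alarm, while any replacement of the code itself is reported.
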

Decline of traditional viruses
• Reasons:
– The huge size of today’s programs, which are stored on compact disks
– Operating systems now protect the boot sector

E-mail Viruses
• Moves around in e-mail messages
• Replicates itself by automatically mailing itself to dozens of people in the victim’s e-mail address book
• Example: Melissa virus, ILOVEYOU virus

Melissa virus
• March 1999
• the Melissa virus was the fastest-spreading virus ever seen
• Someone created the virus as a Word document uploaded to an Internet newsgroup
• People who downloaded the document and opened it would trigger the virus
• The virus would then send the document in an e-mail message to the first 50 people in the person's address book

Melissa virus
• Took advantage of the programming language built into Microsoft Word called VBA (Visual Basic for Applications)

Prevention
• Updates
• Anti-Viruses
• More secure operating systems, e.g. UNIX
More Related Content

Similar to Computer Viruses and Worms Explained

Similar to Computer Viruses and Worms Explained (20)

Viruses
VirusesViruses
Viruses
 
Viruses (1).ppt
Viruses (1).pptViruses (1).ppt
Viruses (1).ppt
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Computer virus
Computer virusComputer virus
Computer virus
 
computer vipin kumar ppt
computer vipin kumar pptcomputer vipin kumar ppt
computer vipin kumar ppt
 
Computer viruses
Computer virusesComputer viruses
Computer viruses
 
Viruses
VirusesViruses
Viruses
 
What is a virus and anti virus
What is a virus and anti virusWhat is a virus and anti virus
What is a virus and anti virus
 
Virus09
Virus09Virus09
Virus09
 
History of Computer Virus
History of Computer Virus History of Computer Virus
History of Computer Virus
 
Viruses ppt finale
Viruses ppt  finaleViruses ppt  finale
Viruses ppt finale
 
computer virus with full detail
computer virus with full detail computer virus with full detail
computer virus with full detail
 
Computer Viruses and Classification lecture slides ppt
Computer Viruses and Classification lecture slides pptComputer Viruses and Classification lecture slides ppt
Computer Viruses and Classification lecture slides ppt
 
Computer virus
Computer virusComputer virus
Computer virus
 
Computer Worms
Computer WormsComputer Worms
Computer Worms
 
Presentation on virus
Presentation on virusPresentation on virus
Presentation on virus
 
Virus worm trojan
Virus worm trojanVirus worm trojan
Virus worm trojan
 
W 12 computer viruses
W 12 computer virusesW 12 computer viruses
W 12 computer viruses
 
Iss lecture 9
Iss lecture 9Iss lecture 9
Iss lecture 9
 
Virus worm trojan
Virus worm trojanVirus worm trojan
Virus worm trojan
 

Recently uploaded

Olivia Cox. intertextual references.pptx
Olivia Cox. intertextual references.pptxOlivia Cox. intertextual references.pptx
Olivia Cox. intertextual references.pptxLauraFagan6
 
Delhi Room Call Girls : ☎ 8527673949, Low rate Call girl service
Delhi Room Call Girls : ☎ 8527673949, Low rate Call girl serviceDelhi Room Call Girls : ☎ 8527673949, Low rate Call girl service
Delhi Room Call Girls : ☎ 8527673949, Low rate Call girl serviceashishs7044
 
Patrakarpuram ) Cheap Call Girls In Lucknow (Adult Only) 🧈 8923113531 𓀓 Esco...
Patrakarpuram ) Cheap Call Girls In Lucknow  (Adult Only) 🧈 8923113531 𓀓 Esco...Patrakarpuram ) Cheap Call Girls In Lucknow  (Adult Only) 🧈 8923113531 𓀓 Esco...
Patrakarpuram ) Cheap Call Girls In Lucknow (Adult Only) 🧈 8923113531 𓀓 Esco...akbard9823
 
Akola Call Girls #9907093804 Contact Number Escorts Service Akola
Akola Call Girls #9907093804 Contact Number Escorts Service AkolaAkola Call Girls #9907093804 Contact Number Escorts Service Akola
Akola Call Girls #9907093804 Contact Number Escorts Service Akolasrsj9000
 
Faridabad Call Girls : ☎ 8527673949, Low rate Call Girls
Faridabad Call Girls : ☎ 8527673949, Low rate Call GirlsFaridabad Call Girls : ☎ 8527673949, Low rate Call Girls
Faridabad Call Girls : ☎ 8527673949, Low rate Call Girlsashishs7044
 
FULL ENJOY - 9953040155 Call Girls in New Ashok Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in New Ashok Nagar | DelhiFULL ENJOY - 9953040155 Call Girls in New Ashok Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in New Ashok Nagar | DelhiMalviyaNagarCallGirl
 
Jagat Puri Call Girls : ☎ 8527673949, Low rate Call Girls
Jagat Puri Call Girls : ☎ 8527673949, Low rate Call GirlsJagat Puri Call Girls : ☎ 8527673949, Low rate Call Girls
Jagat Puri Call Girls : ☎ 8527673949, Low rate Call Girlsashishs7044
 
FULL ENJOY - 9953040155 Call Girls in Noida | Delhi
FULL ENJOY - 9953040155 Call Girls in Noida | DelhiFULL ENJOY - 9953040155 Call Girls in Noida | Delhi
FULL ENJOY - 9953040155 Call Girls in Noida | DelhiMalviyaNagarCallGirl
 
Roadrunner Lodge, Motel/Residence, Tucumcari NM
Roadrunner Lodge, Motel/Residence, Tucumcari NMRoadrunner Lodge, Motel/Residence, Tucumcari NM
Roadrunner Lodge, Motel/Residence, Tucumcari NMroute66connected
 
Laxmi Nagar Call Girls : ☎ 8527673949, Low rate Call Girls
Laxmi Nagar Call Girls : ☎ 8527673949, Low rate Call GirlsLaxmi Nagar Call Girls : ☎ 8527673949, Low rate Call Girls
Laxmi Nagar Call Girls : ☎ 8527673949, Low rate Call Girlsashishs7044
 
FULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | Delhi
FULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | DelhiFULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | Delhi
FULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | DelhiMalviyaNagarCallGirl
 
Pragati Maidan Call Girls : ☎ 8527673949, Low rate Call Girls
Pragati Maidan Call Girls : ☎ 8527673949, Low rate Call GirlsPragati Maidan Call Girls : ☎ 8527673949, Low rate Call Girls
Pragati Maidan Call Girls : ☎ 8527673949, Low rate Call Girlsashishs7044
 
Russian⚡ Call Girls In Sector 104 Noida✨8375860717⚡Escorts Service
Russian⚡ Call Girls In Sector 104 Noida✨8375860717⚡Escorts ServiceRussian⚡ Call Girls In Sector 104 Noida✨8375860717⚡Escorts Service
Russian⚡ Call Girls In Sector 104 Noida✨8375860717⚡Escorts Servicedoor45step
 
Low Rate Call Girls in Laxmi Nagar Delhi Call 9990771857
Low Rate Call Girls in Laxmi Nagar Delhi Call 9990771857Low Rate Call Girls in Laxmi Nagar Delhi Call 9990771857
Low Rate Call Girls in Laxmi Nagar Delhi Call 9990771857delhimodel235
 
Strip Zagor Extra 322 - Dva ortaka.pdf
Strip   Zagor Extra 322 - Dva ortaka.pdfStrip   Zagor Extra 322 - Dva ortaka.pdf
Strip Zagor Extra 322 - Dva ortaka.pdfStripovizijacom
 
Karachi Escorts | +923070433345 | Escort Service in Karachi
Karachi Escorts | +923070433345 | Escort Service in KarachiKarachi Escorts | +923070433345 | Escort Service in Karachi
Karachi Escorts | +923070433345 | Escort Service in KarachiAyesha Khan
 
How Can You Get Dubai Call Girls +971564860409 Call Girls Dubai?
How Can You Get Dubai Call Girls +971564860409 Call Girls Dubai?How Can You Get Dubai Call Girls +971564860409 Call Girls Dubai?
How Can You Get Dubai Call Girls +971564860409 Call Girls Dubai?kexey39068
 
Downtown Call Girls O5O91O128O Pakistani Call Girls in Downtown
Downtown Call Girls O5O91O128O Pakistani Call Girls in DowntownDowntown Call Girls O5O91O128O Pakistani Call Girls in Downtown
Downtown Call Girls O5O91O128O Pakistani Call Girls in Downtowndajasot375
 
9654467111 Call Girls In Noida Sector 62 Short 1500 Night 6000
9654467111 Call Girls In Noida Sector 62 Short 1500 Night 60009654467111 Call Girls In Noida Sector 62 Short 1500 Night 6000
9654467111 Call Girls In Noida Sector 62 Short 1500 Night 6000Sapana Sha
 
FULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | DelhiFULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | DelhiMalviyaNagarCallGirl
 

Recently uploaded (20)

Olivia Cox. intertextual references.pptx
Olivia Cox. intertextual references.pptxOlivia Cox. intertextual references.pptx
Olivia Cox. intertextual references.pptx
 
Delhi Room Call Girls : ☎ 8527673949, Low rate Call girl service
Delhi Room Call Girls : ☎ 8527673949, Low rate Call girl serviceDelhi Room Call Girls : ☎ 8527673949, Low rate Call girl service
Delhi Room Call Girls : ☎ 8527673949, Low rate Call girl service
 
Patrakarpuram ) Cheap Call Girls In Lucknow (Adult Only) 🧈 8923113531 𓀓 Esco...
Patrakarpuram ) Cheap Call Girls In Lucknow  (Adult Only) 🧈 8923113531 𓀓 Esco...Patrakarpuram ) Cheap Call Girls In Lucknow  (Adult Only) 🧈 8923113531 𓀓 Esco...
Patrakarpuram ) Cheap Call Girls In Lucknow (Adult Only) 🧈 8923113531 𓀓 Esco...
 
Akola Call Girls #9907093804 Contact Number Escorts Service Akola
Akola Call Girls #9907093804 Contact Number Escorts Service AkolaAkola Call Girls #9907093804 Contact Number Escorts Service Akola
Akola Call Girls #9907093804 Contact Number Escorts Service Akola
 
Faridabad Call Girls : ☎ 8527673949, Low rate Call Girls
Faridabad Call Girls : ☎ 8527673949, Low rate Call GirlsFaridabad Call Girls : ☎ 8527673949, Low rate Call Girls
Faridabad Call Girls : ☎ 8527673949, Low rate Call Girls
 
FULL ENJOY - 9953040155 Call Girls in New Ashok Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in New Ashok Nagar | DelhiFULL ENJOY - 9953040155 Call Girls in New Ashok Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in New Ashok Nagar | Delhi
 
Jagat Puri Call Girls : ☎ 8527673949, Low rate Call Girls
Jagat Puri Call Girls : ☎ 8527673949, Low rate Call GirlsJagat Puri Call Girls : ☎ 8527673949, Low rate Call Girls
Jagat Puri Call Girls : ☎ 8527673949, Low rate Call Girls
 
FULL ENJOY - 9953040155 Call Girls in Noida | Delhi
FULL ENJOY - 9953040155 Call Girls in Noida | DelhiFULL ENJOY - 9953040155 Call Girls in Noida | Delhi
FULL ENJOY - 9953040155 Call Girls in Noida | Delhi
 
Roadrunner Lodge, Motel/Residence, Tucumcari NM
Roadrunner Lodge, Motel/Residence, Tucumcari NMRoadrunner Lodge, Motel/Residence, Tucumcari NM
Roadrunner Lodge, Motel/Residence, Tucumcari NM
 
Laxmi Nagar Call Girls : ☎ 8527673949, Low rate Call Girls
Laxmi Nagar Call Girls : ☎ 8527673949, Low rate Call GirlsLaxmi Nagar Call Girls : ☎ 8527673949, Low rate Call Girls
Laxmi Nagar Call Girls : ☎ 8527673949, Low rate Call Girls
 
FULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | Delhi
FULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | DelhiFULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | Delhi
FULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | Delhi
 
Pragati Maidan Call Girls : ☎ 8527673949, Low rate Call Girls
Pragati Maidan Call Girls : ☎ 8527673949, Low rate Call GirlsPragati Maidan Call Girls : ☎ 8527673949, Low rate Call Girls
Pragati Maidan Call Girls : ☎ 8527673949, Low rate Call Girls
 
Russian⚡ Call Girls In Sector 104 Noida✨8375860717⚡Escorts Service
Russian⚡ Call Girls In Sector 104 Noida✨8375860717⚡Escorts ServiceRussian⚡ Call Girls In Sector 104 Noida✨8375860717⚡Escorts Service
Russian⚡ Call Girls In Sector 104 Noida✨8375860717⚡Escorts Service
 
Low Rate Call Girls in Laxmi Nagar Delhi Call 9990771857
Low Rate Call Girls in Laxmi Nagar Delhi Call 9990771857Low Rate Call Girls in Laxmi Nagar Delhi Call 9990771857
Low Rate Call Girls in Laxmi Nagar Delhi Call 9990771857
 
Strip Zagor Extra 322 - Dva ortaka.pdf
Strip   Zagor Extra 322 - Dva ortaka.pdfStrip   Zagor Extra 322 - Dva ortaka.pdf
Strip Zagor Extra 322 - Dva ortaka.pdf
 
Karachi Escorts | +923070433345 | Escort Service in Karachi
Karachi Escorts | +923070433345 | Escort Service in KarachiKarachi Escorts | +923070433345 | Escort Service in Karachi
Karachi Escorts | +923070433345 | Escort Service in Karachi
 
How Can You Get Dubai Call Girls +971564860409 Call Girls Dubai?
How Can You Get Dubai Call Girls +971564860409 Call Girls Dubai?How Can You Get Dubai Call Girls +971564860409 Call Girls Dubai?
How Can You Get Dubai Call Girls +971564860409 Call Girls Dubai?
 
Downtown Call Girls O5O91O128O Pakistani Call Girls in Downtown
Downtown Call Girls O5O91O128O Pakistani Call Girls in DowntownDowntown Call Girls O5O91O128O Pakistani Call Girls in Downtown
Downtown Call Girls O5O91O128O Pakistani Call Girls in Downtown
 
9654467111 Call Girls In Noida Sector 62 Short 1500 Night 6000
9654467111 Call Girls In Noida Sector 62 Short 1500 Night 60009654467111 Call Girls In Noida Sector 62 Short 1500 Night 6000
9654467111 Call Girls In Noida Sector 62 Short 1500 Night 6000
 
FULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | DelhiFULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | Delhi
 

Computer Viruses and Worms Explained

  • 1. Computer Viruses and Worms Computer Viruses and Worms Dragan Lojpur Dragan Lojpur Zhu Fang Zhu Fang
  • 2. Definition of Virus Definition of Virus   A virus is a small piece of software that A virus is a small piece of software that piggybacks on real programs in order to get piggybacks on real programs in order to get executed executed   Once it Once it’ ’s running, it spreads by inserting s running, it spreads by inserting   Once it Once it’ ’s running, it spreads by inserting s running, it spreads by inserting copies of itself into other executable code or copies of itself into other executable code or documents documents
  • 3. Computer Virus Timeline Computer Virus Timeline   1949 1949 Theories for self Theories for self- -replicating programs are first developed. replicating programs are first developed.   1981 1981 Apple Viruses 1, 2, and 3 are some of the first viruses “in the wild,” or in the public domain. Found on Apple Viruses 1, 2, and 3 are some of the first viruses “in the wild,” or in the public domain. Found on the Apple II operating system, the viruses spread through Texas A&M via pirated computer games. the Apple II operating system, the viruses spread through Texas A&M via pirated computer games.   1983 1983 Fred Cohen, while working on his dissertation, formally defines a computer virus as “a computer Fred Cohen, while working on his dissertation, formally defines a computer virus as “a computer program that can affect other computer programs by modifying them in such a way as to include a program that can affect other computer programs by modifying them in such a way as to include a (possibly evolved) copy of itself.” (possibly evolved) copy of itself.” (possibly evolved) copy of itself.” (possibly evolved) copy of itself.”   1986 1986 Two programmers named Basit and Amjad replace the executable code in the boot sector of a floppy Two programmers named Basit and Amjad replace the executable code in the boot sector of a floppy disk with their own code designed to infect each 360kb floppy accessed on any drive. Infected floppies disk with their own code designed to infect each 360kb floppy accessed on any drive. Infected floppies had “© Brain” for a volume label. had “© Brain” for a volume label.   1987 1987 The Lehigh virus, one of the first file viruses, infects command.com files. The Lehigh virus, one of the first file viruses, infects command.com files.   1988 1988 One of the most common viruses, Jerusalem, is unleashed. Activated every Friday the 13th, the virus One of the most common viruses, Jerusalem, is unleashed. 
Activated every Friday the 13th, the virus affects both .exe and .com files and deletes any programs run on that day. affects both .exe and .com files and deletes any programs run on that day. MacMag and the Scores virus cause the first major Macintosh outbreaks. MacMag and the Scores virus cause the first major Macintosh outbreaks.   … …
  • 4. Worms Worms   Worm Worm - - is a self is a self- -replicating program, replicating program, similar to a computer virus. A virus similar to a computer virus. A virus attaches itself to, and becomes part of, attaches itself to, and becomes part of, another executable program; however, another executable program; however, another executable program; however, another executable program; however, a worm is self a worm is self- -contained and does not contained and does not need to be part of another program to need to be part of another program to propagate itself. propagate itself.
  • 5. History of Worms History of Worms   The first worm to attract wide attention, the The first worm to attract wide attention, the Morris worm, was written by Robert Tappan Morris worm, was written by Robert Tappan Morris, who at the time was a graduate Morris, who at the time was a graduate student at Cornell University. student at Cornell University.   It was released on November 2, 1988 It was released on November 2, 1988   It was released on November 2, 1988 It was released on November 2, 1988   Morris himself was convicted under the US Morris himself was convicted under the US Computer Crime and Abuse Act and received Computer Crime and Abuse Act and received three years probation, community service and three years probation, community service and a fine in excess of $10,000. a fine in excess of $10,000.   Xerox PARC Xerox PARC
  • 6. Worms… Worms…   Worms Worms – – is a small piece of software that is a small piece of software that uses computer networks and security holes to uses computer networks and security holes to replicate itself. A copy of the worm scans the replicate itself. A copy of the worm scans the network for another machine that has a network for another machine that has a specific security hole. It copies itself to the specific security hole. It copies itself to the specific security hole. It copies itself to the specific security hole. It copies itself to the new machine using the security hole, and new machine using the security hole, and then starts replicating from there, as well. then starts replicating from there, as well.   They are often designed to exploit the file They are often designed to exploit the file transmission capabilities found on many transmission capabilities found on many computers. computers.
  • 7. Zombies Zombies   Infected computers Infected computers — — mostly Windows mostly Windows machines machines — — are now the major delivery are now the major delivery method of spam. method of spam.   Zombies have been used extensively to Zombies have been used extensively to send e send e- -mail spam; between 50% to mail spam; between 50% to 80% of all spam worldwide is now sent 80% of all spam worldwide is now sent by zombie computers by zombie computers
  • 8. Money flow Money flow   Pay per click Pay per click
  • 9. Typical things that some current Typical things that some current Personal Computer (PC) viruses do Personal Computer (PC) viruses do   Display a message Display a message
  • 10. Typical things that some current Typical things that some current Personal Computer (PC) viruses do Personal Computer (PC) viruses do   Erase files Erase files   Scramble data on a hard disk Scramble data on a hard disk   Display a message Display a message   Cause erratic screen behavior Cause erratic screen behavior   Halt the PC Halt the PC   Many viruses do nothing obvious at all Many viruses do nothing obvious at all except spread! except spread!
  • 11. Distributed Denial of Distributed Denial of Service Service   A A denial denial- -of of- -service attack service attack is an attack that is an attack that causes a loss of service to users, typically causes a loss of service to users, typically the loss of network connectivity and the loss of network connectivity and services by consuming the bandwidth of the services by consuming the bandwidth of the services by consuming the bandwidth of the services by consuming the bandwidth of the victim network or overloading the victim network or overloading the computational resources of the victim computational resources of the victim system. system.
  • 12. How it works? How it works?   The flood of incoming messages to the target The flood of incoming messages to the target system essentially forces it to shut down, thereby system essentially forces it to shut down, thereby denying service to the system to legitimate users. denying service to the system to legitimate users.   Victim's IP address. Victim's IP address.   Victim's IP address. Victim's IP address.   Victim's port number. Victim's port number.   Attacking packet size. Attacking packet size.   Attacking interpacket delay. Attacking interpacket delay.   Duration of attack. Duration of attack.   MyDoom MyDoom – – SCO Group SCO Group
  • 14. MyDoom: 26 January 2004: The Mydoom virus is first identified around 8am. Computer security companies report that Mydoom is responsible for approximately one in ten e-mail messages at this time. Slows overall internet performance by approximately ten percent and average web page load times by approximately fifty percent.
  • 15. MyDoom… 27 January: SCO Group offers a US $250,000 reward for information leading to the arrest of the worm's creator. 1 February: An estimated one million computers around the world infected with Mydoom begin the virus's massive distributed denial of service attack, the largest such attack to date. 2 February: The SCO Group moves its site to www.thescogroup.com.
  • 16. Executable Viruses: Traditional Viruses; pieces of code attached to a legitimate program; run when the legitimate program gets executed; loads itself into memory and looks around to see if it can find any other programs on the disk
  • 17. Boot Sector Viruses: Traditional Virus; infect the boot sector on floppy disks and hard disks; By putting its code in the boot sector, a virus can guarantee it gets executed; load itself into memory immediately, and it is able to run whenever the computer is on
  • 18. Decline of traditional viruses: Reasons: – Huge size of today's programs, which are stored on compact disks – Operating systems now protect the boot sector
  • 19. E-mail Viruses: Moves around in e-mail messages; Replicates itself by automatically mailing itself to dozens of people in the victim's e-mail address book; Example: Melissa virus, ILOVEYOU virus
  • 20. Melissa virus: March 1999; the Melissa virus was the fastest-spreading virus ever seen; Someone created the virus as a Word document uploaded to an Internet newsgroup; People who downloaded the document and opened it would trigger the virus; The virus would then send the document in an e-mail message to the first 50 people in the person's address book
  • 21. Melissa virus: Took advantage of the programming language built into Microsoft Word called VBA (Visual Basic for Applications)
  • 22. Prevention: Updates; Anti-Viruses; More secure operating systems, e.g. UNIX
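
As an added example (not part of the original slides), here is a heuristic check a mail gateway could use to hold Word attachments that carry VBA macros, the mechanism the Melissa slides describe. The function names and sample files are constructed for illustration; the OLE2 branch is a byte search for the VBA project stream name, not a full compound-file parser.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy Word 97-2003 container
# OLE2 directory entries are UTF-16LE; "_VBA_PROJECT" is the VBA project stream.
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")


def macro_verdict(data: bytes) -> str:
    """Return 'ole-macro', 'ooxml-macro' or 'no-macro-found' for one file."""
    if data.startswith(OLE2_MAGIC):
        # Heuristic byte search, not a full compound-file parse.
        return "ole-macro" if OLE_VBA_MARKER in data else "no-macro-found"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "no-macro-found"
        if any(n.endswith("vbaproject.bin") for n in names):
            return "ooxml-macro"
    return "no-macro-found"


def hold_for_review(attachments: dict) -> list:
    """Names of attachments a mail gateway would hold because they carry VBA."""
    return sorted(name for name, data in attachments.items()
                  if macro_verdict(data) != "no-macro-found")


def sample_ooxml(with_macro: bool) -> bytes:
    """Constructed minimal OOXML-style zip (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


def sample_ole(with_macro: bool) -> bytes:
    """Constructed bytes with the OLE2 magic (not a real .doc file)."""
    body = OLE_VBA_MARKER if with_macro else "WordDocument".encode("utf-16-le")
    return OLE2_MAGIC + b"\x00" * 504 + body


SAMPLES = {  # constructed inbox
    "list.doc": sample_ole(True), "memo.doc": sample_ole(False),
    "report.docm": sample_ooxml(True), "notes.docx": sample_ooxml(False),
    "readme.txt": b"plain text",
}

if __name__ == "__main__":
    print(hold_for_review(SAMPLES))
```

A clean verdict here only means no VBA project was found by these two checks; it complements, and does not replace, the updates and anti-virus measures listed on the Prevention slide.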